
Security issue: Tomato "Root" credential remote code execution

Discussion in 'Tomato Firmware' started by Dutch87, Apr 17, 2012.

  1. Dutch87

    Dutch87 Serious Server Member

    Hello people,

    In the respective threads I have addressed this issue, without any response...
    So I'll try giving it its own thread.

    As I'm not capable enough to compile and provide builds myself, I hope I can rely on others to keep such a critical application as the Tomato firmware secure with the patches available.

    If nobody cares about security, just say so...

    Here's the issue the whole internet is talking about
    https://www.samba.org/samba/security/CVE-2012-1182
    Samba 3.0.x to 3.6.3 are affected by a vulnerability that allows remote code execution as the "root" user.
    Patches are already available, I hear.
    Please, for me this is not a discussion about whether it is an issue or not since you need to connect samba to the internet and it is or is not in Tomato (heck, LAN clients can also be malicious!), but about keeping stuff up-to-date and as secure as possible.
     
  2. Dutch87

    Dutch87 Serious Server Member

    No replies? Wow...
     
  3. brueggma

    brueggma Networkin' Nut Member

    I'm personally not concerned about this issue. On my machine (Toastman build) samba is bound only to the internal network that I control. If someone besides me is on my internal network, I have bigger problems than samba.
     
  4. Dutch87

    Dutch87 Serious Server Member

    Yup, that's also a point. In my case the LAN is considered partially hostile.
    Bigger problems concerning Tomato?

    But so far no one is going to patch?
     
  5. Dark_Shadow

    Dark_Shadow Addicted to LI Member

    You could patch it.
     
  6. Dutch87

    Dutch87 Serious Server Member

    Please, tell me how?
     
  7. Toastman

    Toastman Super Moderator Staff Member Member

    Done already, next release...
     
    Dutch87 likes this.
  8. Dutch87

    Dutch87 Serious Server Member

    As usual, Toastman, you're the hero ;)
     
